Diaspora is only a stop on the way to social network nirvana

Sat, 11/02/2013 - 15:17 -- webmaster

There seems to be a bunch of folks getting tired of Facebook's censoring and restrictions who are looking for something more in line with their philosophy. Diaspora has gotten a lot of new accounts from them, and its not a bad move on their part. Diaspora does allow more freedom to construct your own identity as well as not having such draconian data practices.

On Diaspora you don't need to prove your identity. You can name yourself whatever you want and they don't care. There's even some security from casual observation, which can protect you from employers seeking out information about you. But don't believe for a second that the FBI/DEA/NSA can't see everything you're posting.

Diaspora pods are federated, which means you have to select one as your home base. The pods communicate with each other using SSL encryption, but we know that SSL is badly broken and for the NSA it is merely an inconvenience. And internally to a pod your data isn't encrypted, so if some JBTs have access to the pod server, your data is as good as theirs. Sure, you can host your own pod, but that's quite geeky still and gives no real assurance of privacy from TLA goons.

The problem here is that we are still using servers. Servers centralize data and give attackers a target. That can change in the near future though, as new technologies like BitTorrent, Bitcoin, and Namecoin have shown. A P2P infrastructure can be built that would allow for serverless P2P truly cloud based computing to host a social network that stores and controls access to your social data with real security.

Sidebar for the less technical folks.

On the left is a typical small website being accessed. The user connects to the Internet and to a website. That website is on a server somewhere. If the server crashes or is overwhelmed by user requests the user doesn't get to see the website.

In the middle is a picture of a medium to large scale website being accessed by a user. The user's session (i.e. current site visit) is sent to one of several servers that can show them the site. If one of the servers is down, the others can pick up the slack. So-called cloud servers simply take this to a higher level of abstraction, allowing the site owner to work as if there is only one server. But the virtual server is still vulnerable to many of the same attacks, such as subpeonas and NSA "letters".

On the right is a proposed model for a truly cloud based server. The user goes to a "site", which is actually a conglomeration of other users' computers. The tasks involved in showing the user the website are split up between a handful of other user machines in a P2P fashion. Those machines might access a virtual database in a similar fashion.

Imagine a general purpose distributed database similar to BitTorrent, with an overlay of a programming language that distributes processing power to the same P2P network nodes. As you are browsing a site, the "backend" processing of that site is run in small chunks on dozens of your friends' computers, while your browser hands out a fraction of your computer's processing power to the site that your friends are visiting.

A comparison to Bitcoin pool mining might be instructive. A Bitcoin mining pool takes the process (doing tons of hashes to produce a "correct" block) and spreads that amongst the pool members' computers. For now the pools are hosted on regular web servers, but that doesn't need to be the case. Just like Bitcoin has a ledger that is in the cloud, the work assignments for a Bitcoin pool could also be hosted in the cloud. Take that scenario and abstract it out to a more general case, and you get the ability to run processes in the cloud without needing a server.

Start with a distributed identity system, build upon that a distributed bittorrent like database, add on top of that a distributed processing system, add a distributed DNS layer. Servers disappear, being replaced by true cloud-based virtual servers (unlike the so-called cloud servers that are really centralized corporate virtual servers hidden behind a cloud-like appearance). All this will, of course, need to be built with data security and full encryption built in from the beginning.

Once we have this infrastructure built, we can then create our desired goal of a social network free from censorship, misregulation, and spying. We can also have safe versions of online stores like Silk Road was supposed to be.

Much of the groundwork for this can be built as a browser plugin, but I do see an eventual move to apps that use this framework as their basis and browser code as the display element.

Final note: one key ingredient I'm envisioning is the end of saving source code in files. For a long time it has bugged me that we aren't storing souce code in databases, but still use plain text files. If instead we put the code into a database, with version control and all that, we can place that database into the cloud. Developers with proper clearance can update code to new versions while users can continue using stable versions of the code. Updates to software would simply increment the version of the program's code in user's preferences.

Postscript: I am rhelwig@joindiaspora.com on Diaspora. I joined over two years ago, and only now is it becoming more than a wasteland.